From: tjhunt Date: Tue, 30 Oct 2007 10:50:20 +0000 (+0000) Subject: MDL-11951 - supplemental - need capability checks in the outer if of the file too... X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=3fc3ebf26bc58db00a51a8be548a78ca6ae3c4f3;p=moodle.git MDL-11951 - supplemental - need capability checks in the outer if of the file too. Merged from MOODLE_19_STABLE. --- diff --git a/admin/settings/frontpage.php b/admin/settings/frontpage.php index c88928c9b8..4481d6be1e 100644 --- a/admin/settings/frontpage.php +++ b/admin/settings/frontpage.php @@ -5,12 +5,19 @@ if (get_site()) { //do not use during installation $frontpagecontext = get_context_instance(CONTEXT_COURSE, SITEID); - if ($hassiteconfig - or has_capability('moodle/course:update', $frontpagecontext) - or has_capability('moodle/role:assign', $frontpagecontext) - or has_capability('moodle/site:restore', $frontpagecontext) - or has_capability('moodle/site:backup', $frontpagecontext) - or has_capability('moodle/course:managefiles', $frontpagecontext)) { + if ($hassiteconfig or has_any_capability(array( + 'moodle/course:update', + 'moodle/role:assign', + 'moodle/site:restore', + 'moodle/site:backup', + 'moodle/course:managefiles', + 'moodle/question:add', + 'moodle/question:editmine', + 'moodle/question:editall', + 'moodle/question:viewmine', + 'moodle/question:viewall', + 'moodle/question:movemine', + 'moodle/question:moveall'), $frontpagecontext)) { // "frontpage" settingpage $temp = new admin_settingpage('frontpagesettings', get_string('frontpagesettings','admin'), 'moodle/course:update', false, $frontpagecontext); diff --git a/lib/accesslib.php b/lib/accesslib.php index 4f36f5a994..bf9eb1b6cf 100755 --- a/lib/accesslib.php +++ b/lib/accesslib.php @@ -429,6 +429,28 @@ function has_capability($capability, $context, $userid=NULL, $doanything=true) { return has_capability_in_accessdata($capability, $context, $ACCESS[$userid], $doanything); } +/** + * This function returns whether the current user has any of the capabilities in the + * $capabilities array. This is a simple wrapper around has_capability for convinience. + * + * There are probably tricks that could be done to improve the performance here, for example, + * check the capabilities that are already cached first. + * + * @param array $capabilities - an array of capability names. + * @param object $context - a context object (record from context table) + * @param integer $userid - a userid number, empty if current $USER + * @param bool $doanything - if false, ignore do anything + * @return bool + */ +function has_any_capability($capabilities, $context, $userid=NULL, $doanything=true) { + foreach ($capabilities as $capability) { + if (has_any_capability($capability, $context, $userid, $doanything)) { + return true; + } + } + return false; +} + /** * Uses 1 DB query to answer whether a user is an admin at the sitelevel. * It depends on DB schema >=1.7 but does not depend on the new datastructures